From d8a47e8a2ad9223c16c974f19440c155e937736d Mon Sep 17 00:00:00 2001 From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com> Date: Wed, 27 May 2026 22:56:24 +0000 Subject: [PATCH] fix(security): update dependencies --- agent/build.gradle | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/agent/build.gradle b/agent/build.gradle index d6656bf92..1e306c60b 100644 --- a/agent/build.gradle +++ b/agent/build.gradle @@ -9,9 +9,27 @@ dependencies { // Compile only for interface types : compileOnly 'jakarta.servlet:jakarta.servlet-api:6.1.0' // spring 3 -> jakarta compileOnly 'javax.servlet:javax.servlet-api:4.0.1' // spring 2 -> javax - compileOnly 'io.projectreactor.netty:reactor-netty-http:1.2.1' // For Spring Webflux + compileOnly 'io.projectreactor.netty:reactor-netty-http:1.2.8' // For Spring Webflux compileOnly 'io.javalin:javalin:6.4.0' - compileOnly 'org.springframework:spring-web:5.3.20' + compileOnly 'org.springframework:spring-web:6.2.11' + + // Version constraints for transitive dependencies + constraints { + implementation 'io.netty:netty-codec-http:4.1.133.Final' + implementation 'org.springframework:spring-core:6.2.11' + implementation 'org.springframework:spring-webmvc:6.2.11' + implementation 'org.springframework:spring-beans:6.2.11' + implementation 'org.springframework:spring-expression:6.2.11' + implementation 'org.springframework:spring-context:6.2.11' + implementation 'io.netty:netty-codec-dns:4.1.133.Final' + implementation 'org.eclipse.jetty:jetty-server:12.0.33' + implementation 'org.eclipse.jetty:jetty-http:12.0.33' + implementation 'io.netty:netty-codec:4.1.133.Final' + implementation 'io.netty:netty-codec-http2:4.1.133.Final' + implementation 'io.netty:netty-handler:4.1.118.Final' + implementation 'io.netty:netty-handler-proxy:4.1.133.Final' + implementation 'io.netty:netty-common:4.1.118.Final' + } } shadowJar {